Anshuman Singh
Smart cities principally depend upon information and communication technologies (ICT) to provide public services. Wherever valid, Internet of Things (IoT) enabled sensors, cloud computing, virtualisation and machine to machine (M2M) integration keep the cities’ ‘smart’ applications running. The objective behind the smart cities mission is to drive economic growth and improve the quality of urban living. But moving city systems online also runs the risk of making the infrastructure vulnerable to attacks and data breach scenario.
Acknowledging the Security Risks
The ubiquitous use of ICT, IoT, M2M, cloud computing, etc. has limitations as well as potential risks due to unawareness or ignorance related to IT security. Firstly, to be ‘smart’, many of the services the city offers, such as electricity or water may need web interface accessible on mobile platforms. Secondly, there is a need of constant connectivity for these applications to work efficiently. And finally, these applications will have large amounts of personal data that has to be safeguarded and protected to ensure that the data does not get compromised in any manner. Hence, Data protection and Information security will have to be of utmost importance to keep Smart Cities secured.
This has to be a shared responsibility of the Government, service providers and the citizens. While the Government and service providers need to ensure that they put in place the necessary infrastructure and processes for keeping the smart services available and secure, it is up to the citizens to be aware of the risks and to take necessary precautions.
Immunizing Physical Assets and associated Data
Considering that the exercise of watching over citizens is going to be simplified to a great deal by making all the information available online easily, the government also needs to consider the safety hazards it brings along. Increasing instances of cyber-crime are evidence to the serious threat hovering over the privacy of all individuals. Robust information security and data protection measures are needed to be installed in order to prevent any compromises on citizen-centric information.
Physical security of buildings and cities entitled with the storage of such information are subject to serious threats thus protecting the physical premises is also necessary.
Coping up with the Giant Data
Another aspect that needs to be taken into consideration while gearing up for smart cities is the enormous amount of data. Smart cities lay on the foundation of information that requires physical and virtual data storage. Hence it becomes very important to allocate data storage and also ensure data protection so that information is not compromised. Physical units of the data need to be kept under secure premises. Additionally, with the large amounts of data, there is a need to use the right information management tools so the data could be backed up and archived periodically in order to prevent any data loss, and to allow one to search through the system seamlessly for any information. For example, in smart cities, every citizen’s health records will be uploaded onto the servers. This will generate large amounts of data that would need to be stored and managed securely.
Dealing with Security breaches
Smart cities come with an idea of easy access to information for better governance and increased transparency. However, the same information can also be misused by notorious groups or even other nation states. Hence, the government should step in to ensure a robust data protection so that any sort of illegal tracking of data can be prevented. Also, proper frameworks and routes need to be defined and awareness needs to be created on what comes under the category of a cyber-crime, where one is crossing the line of transparency and moving into somebody’s personal territory. For example, there will be services for the citizens available online which will have personal information about each citizen. This website has to be secured via a strong Firewall and the government has to ensure that this information is protected with strong security measures.
Sensitizing Citizens on Data Sharing
There is also a need to sensitize the common people to seriously consider terms of information usage before using or installing any product/service. For example, photocopying and sharing documents that contain identity validity or banking details over e-services like messengers and emails is something one should refrain from. Also, one should take the terms and conditions seriously before installing any application, as these apps ask the users’ authorization to access their personal information.
The Smart Cities Mission will be incomplete without people who actively contribute in governance and reforms, and are also aware of do’s and don’ts for themselves.
The author is Director, Product Management of Application Security, Barracuda Networks